Want to see a textbook definition of irony? Look no further than Indexeus, a search engine that primarily exposes the info of malicious hackers caught up in the very sort of data breaches that they inflict on others. As it was originally structured, people had to “donate” $1 for every record they wanted to purge from the engine’s index; in other words, they had to pay to avoid the wrath of their fellow thieves. This was ostensibly to create “awareness” of susceptibility to attacks, but critics have complained that it amounts to extortion.
Some hackers are learning what it’s like when the hunters become the hunted. A new search engine called Indexeus offers an easy way for ne’er-do-wells to look up login credentials from over a hundred hacks, including recent high-profile dumps of Adobe and Yahoo credentials. But there’s a catch: most of the data indexed by the service comes from hacks of forums and websites popular with the underground hacker community. In other words, the search engine is marketing itself to the same people that it is exposing. But that’s all part of the business plan, reports Krebs on Security. The men behind Indexeus planned to offer protection services — pay the site a “donation” of $1 per record, and you can have your sensitive info removed (or “blacklisted”) from the search engine. As a disclaimer on the site originally explained, “The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service.”
